Slashdot: News for Nerds

$26 of Software Defeats American Military

CmdrTaco posted more than 4 years ago | from the cheap-at-twice-the-price dept.

The Military 534

reporter writes "A computer program that can be easily purchased for $25.95 off the Internet can read and store the data transmitted on an unsecured channel by an unmanned drone. Drones are crucial to American military operations, for these aerial vehicles enable Washington to conduct war with a reduced number of soldiers. '... the intercepts could give America's enemies battlefield advantages by removing the element of surprise from certain missions and making it easier for insurgents to determine which roads and buildings are under US surveillance.'"

534 comments

IN soviet russia (5, Funny)

Anonymous Coward | more than 4 years ago | (#30472612)

...you observe uav

but what are the hardware costs? (4, Interesting)

Anonymous Coward | more than 4 years ago | (#30472616)

Well, demodulating an unencrypted digital signal is not news.

I am more interested in what kind of RF equipment one would need to capture it off the air.
It's not like you can do this with your WiFi card. ;)

Apparently, not much (1, Interesting)

NoYob (1630681) | more than 4 years ago | (#30472700)

In the summer 2009 incident, the military found "days and days and hours and hours of proof" that the feeds were being intercepted and shared with multiple extremist groups, the person said. "It is part of their kit now."

It's either pretty cheap or very easily stolen. I would think they are using something off the shelf.

Re:but what are the hardware costs? (5, Insightful)

brusk (135896) | more than 4 years ago | (#30472702)

No, demodulating a signal is not news. But not encrypting it in the first place ought to be. (And TFA had a red herring in its focus on the software used to record the signal--the software is probably the easy part, once you've captured the signal).

Re:but what are the hardware costs? (5, Funny)

StatureOfLiberty (1333335) | more than 4 years ago | (#30472768)

Let me guess. GA-ASI (maker of the MQ-9 Reaper drone) makes voting machines too.

Re:but what are the hardware costs? (5, Informative)

ArcherB (796902) | more than 4 years ago | (#30472878)

No, demodulating a signal is not news. But not encrypting it in the first place ought to be.

(And TFA had a red herring in its focus on the software used to record the signal--the software is probably the easy part, once you've captured the signal).

We were using SINCGARS in the early 90's. SINCGARS is a frequency hopping, encrypted method of voice communication. We were just starting to use it to network military vehicles and personnel with HQ and each other. If SINCGARS could have been cracked, it would have put a beacon on every vehicle and soldier on and off the battlefield, not to mention eavesdropping. However, the inventor of SINCGARS could not decrypt the signal without the software and hardware keys. The software keys were changed at will. Usually weekly, but could easily be done daily. I am shocked that this signal does not use better encryption and/or frequency hopping. This type of communication is critical to tomorrow's battlefield.

Re:but what are the hardware costs? (5, Insightful)

sycodon (149926) | more than 4 years ago | (#30472994)

If they can prevent me from watching porn on cable and satellite, they should be able to prevent these guys from hijacking the video feeds from the UAVs.

Re:but what are the hardware costs? (5, Funny)

WeeLad (588414) | more than 4 years ago | (#30473062)

If you squint and have a vivid imagination, they can never stop you.

Re:but what are the hardware costs? (2, Informative)

sycodon (149926) | more than 4 years ago | (#30473096)

True! So True!

Re:but what are the hardware costs? (5, Funny)

Anpheus (908711) | more than 4 years ago | (#30472716)

Turns out the drones use Bluetooth. Just the other day my laptop asked me to sync to one when I put a Pringles can on the antenna.

"Windows has found a MQ-9 Reaper, would you like to connect?"

At this point I was (a.) terrified and (b.) glad that somebody with some clout was going to do something about the increased crime in the area.

Re:but what are the hardware costs? (5, Informative)

AlexiaDeath (1616055) | more than 4 years ago | (#30472798)

Reading the information in the article and deducing from the software used, all you need is a satellite internet card, a satellite dish and the SkyGrabber, a bit of software that records anything video-like it finds in a satellite data stream. Pretty much off-the-shelf hardware for a place with limited infrastructure.

USRP (1)

autocracy (192714) | more than 4 years ago | (#30472966)

Wide bandwidths, and ultimately covers just about everything from 100kHz to 3GHz. Transmit, receive, etc. Using this device, which costs about $1-2 thousand for a full kit and transmitter, you can listen to entire bands at once (the $750 unit handles 8MHz). These units have been used to create cell phone base stations.

Yum.

http://www.ettus.com/

opps (0)

Anonymous Coward | more than 4 years ago | (#30472622)

lol looks like they need a better software team.
Just Imagine what someone with actual resources (e.g. a government) could do if Militants could hack them.

Re:opps (-1, Redundant)

amazingxkcd (1682296) | more than 4 years ago | (#30472632)

that's why smart don't work for the government, they make games!

All your drone are belong to us (0)

tedgyz (515156) | more than 4 years ago | (#30472630)

WTF?!?!?

Re:All your drone are belong to us (1)

gemtech (645045) | more than 4 years ago | (#30472876)

no kidding. That was my first reaction, too.

Re:All your drone are belong to us (5, Insightful)

HateBreeder (656491) | more than 4 years ago | (#30473164)

Sensationalist... I would expect this from a tabloid.

Title should have been: Unencrypted data broadcasted everywhere ... can be received by anyone!

The leap from that to "$26 of Software Defeats American Military" is quite a big leap in my opinion.

Sh..... (5, Funny)

jc42 (318812) | more than 4 years ago | (#30472638)

Don't tell the DoD. They've been paying $7,000 per license for that software.

Re:Sh..... (2, Insightful)

gplus (985592) | more than 4 years ago | (#30472790)

Why are the military so goddam stupid? They have been transmitting video unencrypted ever since the Bosnia conflict. And apparently they're still happily going on making the same mistake as Joe Sixpack, setting up his new home wireless router.

Don't they understand that even the weakest, simplest encryption is 1000 times better than none at all?

Re:Sh..... (1, Insightful)

elrous0 (869638) | more than 4 years ago | (#30472830)

Why are the military so goddam stupid?

Not to be harsh about it, but think back to high school and college and ask yourself if you would describe the people who were planning military careers as the "best and brightest" of your class.

Re:Sh..... (3, Insightful)

thetoadwarrior (1268702) | more than 4 years ago | (#30472872)

Yeah, because being a computer engineer in the military is somehow infinitely easier than in the private sector, which allows the stupid kids to do it after school. They let just anyone fly jets too.

Re:Sh..... (4, Insightful)

Anonymous Coward | more than 4 years ago | (#30473188)

This is just my experience but I met some computer engineers with top secret clearance working at the DoD. They are so incompetent that it's scary. Even worse, they were contractors/consultants. I'm not saying all DoD computer engineers are idiots. The problem is the government is so incompetent that they've given much of the work to large consulting companies whose sole purpose is to fill as many seats as possible for the revenue.

Re:Sh..... (1)

Sparky McGruff (747313) | more than 4 years ago | (#30473194)

Some of them, yes, were certainly the "best and brightest". The problem isn't with the personnel in the military that are operating this technology, it's with the corrupt procurement system. These systems were designed and built by the big defense contractors, and they were paid handsomely to do so. There's no incentive for them to be cost-effective, or to go above the minimum requirements. Heck, if they don't meet the minimum requirements they'll get a new contract to fix their mistakes in a few years. These systems take so long to get in place that they're outdated by the time they hit the ground. And the way they are designed, spec'd, and implemented means that simple updates take years and billions of dollars.

Re:Sh..... (1)

228e2 (934443) | more than 4 years ago | (#30472940)

Why are the military so goddam stupid?

lol . . . .

Re:Sh..... (1)

gregthebunny (1502041) | more than 4 years ago | (#30473192)

That is proper grammar. "Military [wiktionary.org] " may be plural or singular.

Re:Sh..... (1)

smileyphase (1665505) | more than 4 years ago | (#30472812)

But why are they even running an unsecured channel? I'd expect a bit more from the Army IT guys...

Re:Sh..... (1)

Theoboley (1226542) | more than 4 years ago | (#30472968)

I've got a friend who works for the Army in their IT Dept. in middle Wisconsin. From what he tells me, his boss sits and plays WOW all day... Now, I know that this isn't representative of every IT worker in the US Army, but with this said, does it really come as a surprise that a $26 piece of software overcame our army intelligence?

Re:Sh..... (0, Insightful)

Anonymous Coward | more than 4 years ago | (#30473186)

Don't tell the DoD. They've been paying $170,000 per license for that software.

There. Fixed that for you.

This is bullshit, guys. (5, Informative)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#30472668)

We need an OSS option stat. Nobody should have to give up their software freedom just to make a mockery of America's finest tech toys.

The only question is, would this make more sense as an added option in wireshark, or GNU Radio?

Re:This is bullshit, guys. (1, Troll)

AlexiaDeath (1616055) | more than 4 years ago | (#30472850)

Ethereal(wireshark was renamed ages ago you know) UI is somewhat limited for such use but perhaps its back end combined with some video detection code and some say python UI could provide the tools quite quickly.

Re:This is bullshit, guys. (2, Informative)

Anonymous Coward | more than 4 years ago | (#30472890)

Ethereal is the old name [wireshark.org] . The lead dev lost access to the Ethereal trademark, and the project moved over to Wireshark.

Re:This is bullshit, guys. (1)

AlexiaDeath (1616055) | more than 4 years ago | (#30472928)

Sorry, seems I had the names confused. Kudos for reminding me the right order.

Re:This is bullshit, guys. (1, Redundant)

flosofl (626809) | more than 4 years ago | (#30472908)

Ethereal(wireshark was renamed ages ago you know)...

You have that backward. It hasn't gone by Ethereal for quite a few years. The official, current name is Wireshark [wireshark.org] .

Re:This is bullshit, guys. (0, Redundant)

bsDaemon (87307) | more than 4 years ago | (#30472918)

Wireshark is the new name for what started out as Ethereal, not the other way around.

Re:This is bullshit, guys. (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#30472962)

Yes, Wireshark is the *NEW* name for what used to be known as Ethereal. The name changed like you said, ages ago.

Source: the Wireshark website [wireshark.org] .

"Wireshark used to be known as Ethereal®. See the next question for details about the name change. If you're still using Ethereal, it is strongly recommended that you upgrade to Wireshark."

Re:This is bullshit, guys. (5, Funny)

j-pimp (177072) | more than 4 years ago | (#30472920)

The only question is, would this make more sense as an added option in wireshark, or GNU Radio?

Well, to keep with the unix philosophy of small reusable components the following should be done:

  • libUAVSniff should be created on github
  • libUAVSniff should be developed. It should include a simple command line program for sniffing UAV traffic and spew to stdout
  • Wireshark will add a module that uses this library
  • GNURadio will add a module that uses this library
  • Someone will fork it on github and write an irc bot that will post UAV locations
  • Someone will fork it on github and write a twitterbot
  • github forks for perl modules, .net/java wrapper, etc
  • A codeproject article explaining how to track UAVs and plot their location using silverlight.

Re:This is bullshit, guys. (1)

troll8901 (1397145) | more than 4 years ago | (#30473064)

I don't know how OSS and "small reusable components" work, so your post is very interesting indeed.

A codeproject article explaining how to track UAVs and plot their location using silverlight.

But I don't understand the line above. Is there a whoosh that just flew over my head?

$26 is a lot (5, Insightful)

gurps_npc (621217) | more than 4 years ago | (#30472672)

How much is a bullet to the brain of the General commanding the war? But you need a trained sniper and an awfully good insertion to get that bullet there.

Counting the cheapest part of the machine is silly.

Software is often free. $26 is a lot for software. The radio reception, etc. and knowing where to aim are all much more expensive and require skill.

Re:$26 is a lot (1)

Rogerborg (306625) | more than 4 years ago | (#30472788)

Tend to agree, especially since current strategy is to only pick fights with opponents one step above the stone age, then bomb them right back into it.

Re:$26 is a lot (1, Offtopic)

jimicus (737525) | more than 4 years ago | (#30472886)

It's not even a particularly original strategy. The British used to employ almost identical tactics back in the late 19th/early 20th century. Back then, the prerequisite of a British campaign was that the enemy should under no circumstances carry guns -- even spears made us think twice. The kind of people we liked to fight were two feet tall and armed with dry grass.

Re:$26 is a lot (1, Informative)

Anonymous Coward | more than 4 years ago | (#30473202)

It's not even a particularly original strategy. The British used to employ almost identical tactics back in the late 19th/early 20th century. Back then, the prerequisite of a British campaign was that the enemy should under no circumstances carry guns -- even spears made us think twice. The kind of people we liked to fight were two feet tall and armed with dry grass.

Quoting Blackadder without giving credit makes you the opposite of witty and original.

It doesn't defeat them (3, Insightful)

mysidia (191772) | more than 4 years ago | (#30472674)

Defeating them would be gaining control of the drones (a really scary proposition)

This seems to be an information leak.. something that ought to be fixable by using some sort of encryption.

Or even by making slight changes to the stream format, since SkyGrabber seems to just be off-the-shelf software.

Re:It doesn't defeat them (0)

Anonymous Coward | more than 4 years ago | (#30472754)

Yeah. And they say these drones make one hell of a noise, so it's no secret when they're coming either.

Re:It doesn't defeat them (1)

Dunbal (464142) | more than 4 years ago | (#30472780)

Defeating them would be gaining control of the drones (a really scary proposition)

If the outgoing stream wasn't encrypted, what makes you think the control stream was? It probably wasn't encrypted either - apart from the fact that the commands themselves are a form of substitution cypher.

Re:It doesn't defeat them (1)

nedlohs (1335013) | more than 4 years ago | (#30472946)

If the mission is to see without being seen and gather intelligence then intercepting the video feed would seem to be defeating the drone.

The article mentions that they didn't bother with encryption because it would cost money and just assumed no one would notice.

And of course the new $10 million a pop model has the same problem, even though they knew about it before work on that one was even started.

Oh noes (4, Informative)

OverlordQ (264228) | more than 4 years ago | (#30472682)

So they recorded unencrypted OTA video feeds? While yes, they probably should have been encrypted in the first place and . . .

The U.S. government has known about the flaw since the U.S. campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn't know how to exploit it, the officials said.

Yea that's kinda bad and lazy of them,

Senior military and intelligence officials said the U.S. was working to encrypt all of its drone video feeds from Iraq, Afghanistan and Pakistan, but said it wasn't yet clear if the problem had been completely resolved.

they're fixing it.

Re:Oh noes (4, Insightful)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#30472766)

I'm frankly more worried about "But the Pentagon assumed local adversaries wouldn't know how to exploit it, the officials said." than I am about this particular security vulnerability.

Security vulnerabilities happen, and are unfortunate and need to be fixed, and we really should spend more time and resources on caring about them; but that is all manageable software/systems engineering stuff.

Making important decisions on the basis of "Eh, our enemies are just ignorant mud farmers anyway, no problem", on the other hand, is colossally arrogant and extremely dangerous. Particularly, since the US currently has the world's highest tech and most expensive military, "Eh, they're just primitives, no problem" is a practically all-purpose dismissal of virtually any problem that you are too lazy to fix. That is a recipe for learning, the hard way, about every new asymmetric warfare trick.

Re:Oh noes (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#30473024)

Making important decisions on the basis of "Eh, our enemies are just ignorant mud farmers anyway, no problem", on the other hand, is colossally arrogant and extremely dangerous.

What are you talking about? This attitude towards adversaries worked perfectly in the Vietnam War.

"Them chinks got those squinty eyes so they can't see prop'ly in the jungle", don'tcha know. Yee haw.

Worked perfectly.

Re:Oh noes (4, Interesting)

couchslug (175151) | more than 4 years ago | (#30472858)

It could be a deliberate ploy to manipulate what the enemy "sees". Why not have a "leak"?
It's a bit like leaving USB keys around for the unsuspecting to pick up...

Re:Oh noes (0)

Anonymous Coward | more than 4 years ago | (#30472984)

14?

ASS-U-ME (1)

geekmux (1040042) | more than 4 years ago | (#30472974)

So they recorded unencrypted OTA video feeds? While yes, they probably should have been encrypted in the first place and . . .

The U.S. government has known about the flaw since the U.S. campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn't know how to exploit it, the officials said.

Yea that's kinda bad and lazy of them,

Senior military and intelligence officials said the U.S. was working to encrypt all of its drone video feeds from Iraq, Afghanistan and Pakistan, but said it wasn't yet clear if the problem had been completely resolved.

they're fixing it.

#1: Someone once said "Assumption is the mother of all fuckups". My only hope is that this unencrypted intel is somehow time-sensitive enough that adversaries are getting their hands on it about 3 seconds before the target is destroyed, but I'm not going to "assume" that any operation or procedure is THAT efficient.

#2: "They're fixing it" is the worst fucking excuse I've ever heard for a problem that is over 15 years old. Don't sit here and try and convince me that crypto hardware (or software for that matter) is a foreign concept with military communications.

Time to copyright! (5, Funny)

jsnipy (913480) | more than 4 years ago | (#30472690)

Perhaps the US can put an IP copyright on the data then sue anyone who looks at it without a license! More money!

Special offer! (1)

Luxusleben (808718) | more than 4 years ago | (#30472696)

New in stock: The missile pack!

Buy your voucher now and for just 5.99 $, you'll get your chance to fire an onboard missile.
No hits guaranteed, maker cannot be held responsible for eventual damage. Offer valid for limited time only.

The Pentagon is full of idiots (1, Insightful)

SirGarlon (845873) | more than 4 years ago | (#30472698)

They're flying missions halfway around the world and not even bothering to encrypt the video stream. I can understand that in the rush to get drones in the field they might have had to cut a few corners on the system design -- but for crying out loud they've had 8 years to patch this hole. *Sigh* Your tax dollars at work.

Re:The Pentagon is full of idiots (1, Interesting)

AHuxley (892839) | more than 4 years ago | (#30472792)

The US never encrypts :) They suck up everything they can, emails, faxes, tv, radio, 'interweb' and then sort the data against a known set of words, terms.
Putting encryption in drones is bad. If they fail, the 'bad' people learn much.
If the encryption fails in the long world wide US com links, the US learns nothing due to computer errors.
What they have now is good.
It's in the clear, real time, fast and anyone in the US mil can get to it.
If it falls from the sky, it's suburban comms junk, some fancy optics and mb a weapons pack.
If you work for the US mil, your real problem is space blankets or Mylar balloons vs some thermal imagers:)

Re:The Pentagon is full of idiots (1)

physicsphairy (720718) | more than 4 years ago | (#30472888)

What if the military has arranged a backdoor in this particular software package? That could result in an awful lot of valuable intelligence for them. Handing out a few unencrypted drone feeds to bait the trap might not be such a terrible tradeoff.

Not saying that's how it is, of course, but it's a possibility.

Re:The Pentagon is full of idiots (1)

budgenator (254554) | more than 4 years ago | (#30473116)

You're of course assuming that this is just a hole and not a trap; the possibilities for misinformation abound in situations like this. Imagine the stress involved in seeing a video feed tracking your every movement from a machine that can spit silent death at any second and waits for weeks for you to make that one lethal mistake.

Re:The Pentagon is full of idiots (1)

nedlohs (1335013) | more than 4 years ago | (#30473136)

They've had over 14 years to fix it since they noticed it. Note, they've designed and built and put into service the next model which has the same problem since then. So clearly they just don't care.

Stupid question time... (1)

ErnieD (19277) | more than 4 years ago | (#30472704)

...why in the world weren't all the data feeds sent to & from a drone encrypted ALREADY? It took someone sniffing the wireless feed for someone to realize this?!

note to self: (1)

nadaou (535365) | more than 4 years ago | (#30472706)

it is generally a bad idea to piss off people who have access to thermonuclear weapons and killer robots when I don't.

since this is /. I'll throw in a conspiracy theory + dumb meme: is the program really a CIA honeypot which just reports fake data? in the post 9/11 era, does your tracking software track you?

Re:note to self: (2, Informative)

AHuxley (892839) | more than 4 years ago | (#30472958)

The US is known for in the clear intel gathering. They only encrypt the stuff they are interested in after sorting, that way they can sort a lot of info, very fast. If the US had to fill the sky with crypto computers on sats the flow would slow. Best just to push raw packets to a safe area.
The software CIA honeypot is Microsoft and people who use it networked.
Just as Enigma was and crypto ag was.
Skygrabber is a powerful filter system for a satellite dish. Passive and not networked.
Mb some version of Rivet Joint can spot the satellite dishes?

Seriously would it have been difficult (1)

DarkOx (621550) | more than 4 years ago | (#30472708)

Why did nobody slap AES or blowfish block ciphers around the video packets? I admit I am assuming the video is digital. There are inexpensive (in terms of the cost of a drone) silicon implementations of both for the planes and BSD licensed software for the stations. If they just used preshared keys it would have been trivial to do and probably would have prevented this.

Re:Seriously would it have been difficult (1, Interesting)

Dunbal (464142) | more than 4 years ago | (#30472750)

Why did nobody slap AES or blowfish block ciphers around the video packets?

You marvel because (yet again) government is shown to be incompetent and inefficient?

Not only that, but I'm sure the US government will now pay millions more than it actually costs to "secure" these feeds. And then they will probably lose the encryption keys and work out some sort of hack as a compromise that will be far less secure than the original - only no one will know about it.

This is what you pay taxes for.

Re:Seriously would it have been difficult (4, Informative)

Eivind (15695) | more than 4 years ago | (#30472998)

It should've been encrypted, for sure. Agreed.

However, it does need to be encryption that works over a noisy channel, with possible gaps in the datastream. Your typical block-cipher using chaining thus doesn't qualify. (If you wonder why, try encrypting a one-megabyte file, then change a few characters randomly in the first half of the file, then decrypt it)

It's still not a hard problem mind you, just slightly more so than "grab AES, set it to CBC-mode"
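As an added illustration of the lossy-channel point raised in this sub-thread (not part of any comment above, and not code from any real drone or radio system): the sketch below encrypts and authenticates each video packet independently under a preshared key, so a lost or damaged packet costs only itself, and contrasts that with one unframed keystream over the whole feed, which loses sync after a gap. All names are hypothetical, the frames and key are constructed sample data, and an HMAC-SHA256 counter-mode keystream stands in for a vetted AEAD such as AES-GCM so that the example needs only the standard library.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16  # bytes of truncated HMAC-SHA256 tag appended to each packet


def _keystream(key: bytes, seq: int, length: int) -> bytes:
    """Counter-mode keystream: HMAC-SHA256(key, seq || block_counter).

    Stand-in for AES-CTR; a production design would use a vetted AEAD.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = struct.pack(">QI", seq, counter)
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def derive_keys(psk: bytes):
    """Split the preshared key into separate encryption and MAC keys."""
    enc = hmac.new(psk, b"enc", hashlib.sha256).digest()
    mac = hmac.new(psk, b"mac", hashlib.sha256).digest()
    return enc, mac


def seal_packet(psk: bytes, seq: int, payload: bytes) -> bytes:
    """Encrypt-then-MAC one packet; the sequence number is the nonce."""
    enc_key, mac_key = derive_keys(psk)
    header = struct.pack(">Q", seq)
    body = _xor(payload, _keystream(enc_key, seq, len(payload)))
    tag = hmac.new(mac_key, header + body, hashlib.sha256).digest()[:TAG_LEN]
    return header + body + tag


def open_packet(psk: bytes, packet: bytes):
    """Return (seq, payload), or None if the packet is damaged or forged."""
    if len(packet) < 8 + TAG_LEN:
        return None
    enc_key, mac_key = derive_keys(psk)
    header, body, tag = packet[:8], packet[8:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(mac_key, header + body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None  # bit errors on the link fail the tag check
    (seq,) = struct.unpack(">Q", header)
    return seq, _xor(body, _keystream(enc_key, seq, len(body)))


def stream_crypt(psk: bytes, data: bytes) -> bytes:
    """One keystream over the whole feed, no framing (encrypt == decrypt)."""
    enc_key, _ = derive_keys(psk)
    return _xor(data, _keystream(enc_key, 0, len(data)))


def simulate_lossy_link(psk: bytes = b"constructed demo key"):
    # Constructed sample "video frames", 29 bytes each.
    frames = [b"frame-%02d " % i + bytes([65 + i]) * 20 for i in range(6)]
    flen = len(frames[0])

    # Per-packet design: drop packet 2, flip one bit in packet 4.
    received = [seal_packet(psk, i, f) for i, f in enumerate(frames)]
    del received[2]
    damaged = bytearray(received[3])  # originally packet 4
    damaged[10] ^= 0x01
    received[3] = bytes(damaged)
    recovered = {}
    for pkt in received:
        result = open_packet(psk, pkt)
        if result is not None:
            recovered[result[0]] = result[1]

    # Unframed stream: the same gap shifts every later byte off its keystream.
    ciphertext = stream_crypt(psk, b"".join(frames))
    with_gap = ciphertext[:2 * flen] + ciphertext[3 * flen:]
    garbled = stream_crypt(psk, with_gap)
    intact_after_gap = sum(
        garbled[i * flen:(i + 1) * flen] in frames for i in range(2, 5)
    )
    return recovered, intact_after_gap


if __name__ == "__main__":
    ok, intact = simulate_lossy_link()
    print("per-packet: recovered sequence numbers", sorted(ok))
    print("unframed stream: intact frames after the gap:", intact)
```

The sketch leaves out replay protection and key rotation; the receiver here accepts any sequence number whose tag verifies.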

Seems Expensive (2, Funny)

Clovis42 (1229086) | more than 4 years ago | (#30472710)

I doubt a "terrorist" is the kind of person who would actually spend money on software. I know perfectly reasonable teenagers who access software for free all the time on this thing called the internet.

RMS (4, Funny)

Ukab the Great (87152) | more than 4 years ago | (#30472836)

Not all religious zealots with huge bushy beards who fight in jihads and live in caves and don't use commercial software are terrorists.

Chinese? (1)

sbrowne (461863) | more than 4 years ago | (#30472744)

The English text on the main SkyGrabber page could use some polishing. Is this from China?

I hope the steering channel is encrypted. (0)

SharpFang (651121) | more than 4 years ago | (#30472752)

It would be scary/interesting/awesome/horrible [make your pick] if the insurgents could subvert the drones, take over them, land them, load full of explosives, upgrade to encrypted software and use to bomb American bases.

Re:I hope the steering channel is encrypted. (1)

GNUALMAFUERTE (697061) | more than 4 years ago | (#30472916)

Or they could subvert the drones, take them over, land them, and send them back in time to kill Washington's mother.

They'll be back.

Anonymous Coward (2, Insightful)

Anonymous Coward | more than 4 years ago | (#30472762)

Perhaps the smart play would be to quietly encrypt actual data, while continuing to broadcast placebo or manipulated data in the clear.

No risk? (0)

Anonymous Coward | more than 4 years ago | (#30472770)

So, unencrypted or not, what's the risk here?

Do you think that Osama bin Keanu Reeves is going to record the footage from the drone, then loop it and play it back with a competing signal while he slips out the door in the floor?

Frankly, if the signal was encrypted, you could still use triangulation to determine the location of the drone, and you'd have the same knowledge of what's being surveilled.

This is a cool hack, and nothing more.

And the big deal is what? (1)

careykohl (682513) | more than 4 years ago | (#30472784)

Honestly, what is the big deal?

FTA: '... the intercepts could give America's enemies battlefield advantages by removing the element of surprise from certain missions and making it easier for insurgents to determine which roads and buildings are under US surveillance.'"

An advantage? How? You know how the insurgents can figure out what roads and buildings are under US surveillance? It's the ones we keep flying drones over! I mean they can see the drones, they can hear the drones, they know what they're doing when the drones fly over them, they know the drones are taking video and pictures, and they should already have a pretty good idea what is in the video and pictures already.

Now if they somehow figured out how to tap into the cameras and have the drones relay video and pictures when they were flying back into base then I would say they've got an advantage, or if they tapped into actual satellite and spy plane footage.

Sure it's a bit stupid they didn't encrypt the actual feed but is the enemy getting any information they didn't know about already?

Re:And the big deal is what? (1)

AHuxley (892839) | more than 4 years ago | (#30473038)

They get to see what the US sees, what shapes, colours, objects draw in the US operators.
Then they can try things. Create dummy glowing moving targets to fire ammo at :)
Or just suggest better cover - what material breaks up the human form best?

Re:And the big deal is what? (1)

careykohl (682513) | more than 4 years ago | (#30473178)

The drone is flying over your head. It circled around and came back. Guess what? Whatever you were doing drew a US operator. See how easy it is? And I didn't even *need* to see the video.

Figuring out better cover is easy too. Put a sandish colored tarp over what you're doing. Did the drone that just flew over come back? Bingo! You're probably golden. Has it come back 47 times in the last two days? I'd say you need a new tarp.

So instead of leaking this to the news... (5, Insightful)

a_nonamiss (743253) | more than 4 years ago | (#30472806)

why didn't the DoD just start passing a fake feed from the drone? They could have added another encrypted channel for the real feed, which I would assume is trivial given the military's budget. Then pass fake data over the unencrypted channel. Sometimes disinformation to the enemy is far more valuable than real intelligence. I can see a bunch of jihadis sitting around watching a tv screen. "Look at those infidels. They are going to blow up the wrong building! Our secret base is 100 kilometers away! Say, does anyone else hear that noi..." [BOOM]

MOD Parent up (1)

tdobson (1391501) | more than 4 years ago | (#30472904)

Disinformation is a great attack.

you have a good point (4, Insightful)

circletimessquare (444983) | more than 4 years ago | (#30473052)

furthermore, there's nothing to say they still can't do that, or aren't actually doing that already. in fact, a big story in the international press about how dumb the military is on these video feeds is a good cover. one can hope, anyways, that the military is smarter than depicted in this story

Hubris (5, Insightful)

mruizcamauer (551400) | more than 4 years ago | (#30472814)

"U.S. military personnel in Iraq discovered the problem late last year when they apprehended a Shiite militant whose laptop contained files of intercepted drone video feeds. In July, the U.S. military found pirated drone video feeds on other militant laptops, leading some officials to conclude that militant groups trained and funded by Iran were regularly intercepting feeds."

The Germans did not think the Poles could break their codes. The Japanese did not think the US and the Australians would break their codes. The British did not think Argentina would finish assembling the Exocets on their own without the French manuals or use them in a way differently than designed. The Afghan and Iraqi insurgents have the money and the brains to break into Western weapon systems, don't underestimate them (or the probable help from Iran, Syria, Korea, etc...) The prospect of getting killed is a powerful motivator.

my favorite part: (0, Redundant)

circletimessquare (444983) | more than 4 years ago | (#30472816)

The militants use programs such as SkyGrabber, from Russian company SkySoftware. Andrew Solonikov, one of the software's developers, said he was unaware that his software could be used to intercept drone feeds. "It was developed to intercept music, photos, video, programs and other content that other users download from the Internet -- no military data or other commercial data, only free legal content," he said by email from Russia.

can you hear the RIAA licking its chops? "see? we told you: media piracy software directly supports terrorism!" be on the lookout for media company fearmongering after this fiasco

otherwise, it looks like cyberpunk science fiction is now reality: insurgents hacking airborne military robots. those 5 words are straight out of 1980s science fiction. skynet indeed

and that's some awesome security you have on those video feeds there mr. pentagon! what kind of military intelligence does it require to conclude that gee, i dunno, maybe those feeds should be encrypted? pffffft

A senior defense official said that James Clapper, the Pentagon's intelligence chief, assessed the Iraq intercepts at the direction of Defense Secretary Robert Gates and concluded they represented a shortcoming to the security of the drone network.

you guys are fucking brilliant. you concluded unencrypted live video feeds of battlefields represented a shortcoming? your enemy now knows where you are looking, and where you aren't. what your concerns and priorities are, and what you may know about what the enemy is doing. in real time. you morons are truly a credit to the union. i wonder how many soldiers on the ground have had their lives put in danger by this stunning demonstration of cunning military intelligence?

More important question (1)

Fujisawa Sensei (207127) | more than 4 years ago | (#30472820)

So they were able to intercept the unencrypted, a more important question is why weren't these communications encrypted?

Re:More important question (0)

Anonymous Coward | more than 4 years ago | (#30472896)

no, the more important question is: are the -command- signals encrypted? having the taliban flying armed drones would be very bad.

Re:More important question (4, Insightful)

Fieryphoenix (1161565) | more than 4 years ago | (#30472964)

From what I could make out, it's just the video stream transmitted by the drone that's unencrypted, not communications that control the drone. The obvious reason this might be done is to save on the computational requirements onboard the drone by not making it encrypt the presumably immense data stream of the video. Decrypting the rest of the communication the drone receives is probably an order of magnitude less processing load, or even two.

If received and understood by the enemy in a timely manner, very useful information. But if it is just the image unencrypted and not GPS coordinates, etc, the enemy would have to have enough people watching the feeds to recognize the terrain that was being photographed... it's easy to see why this might not be considered likely and lead to the poor judgement to leave it unencrypted when the drones were designed, many years ago with less powerful processors available.

What about the control channel? (1)

FauxPasIII (75900) | more than 4 years ago | (#30472832)

If the data feed coming _from_ the drone is cleartext, what about the commands being sent to it? TFA says there's "no evidence" that insurgents have been able to commandeer the drones yet, but doesn't say whether that's because the channel is secure, or that they just haven't reverse-engineered the protocol yet. O_o

Re:What about the control channel? (1)

likuidkewl (634006) | more than 4 years ago | (#30472892)

It's not the protocol that needs to be hacked, it's the encryption system. Control is encrypted and if they stick to strict protocol for CMS then they are changed on a daily basis. But, these are lowest bidder contractors we are talking about here so who knows!

Re:What about the control channel? (1)

jc42 (318812) | more than 4 years ago | (#30473132)

But, these are lowest bidder contractors we are talking about here so who knows!

And those contractors probably subcontract the software to firms in southeast Asia.

Note that "The Defense Dept won't allow that" isn't a valid answer here. The software in question seems to not be military software; it's commercial software that more or less accidentally has military application. Chances are very small that it was done on a military contract. (It could be interesting to verify this though, because if it turns out that it was developed with DoD funds, it would add greatly to the humor of the situation. ;-)

Dear Secretary Gates.. (1)

wiredog (43288) | more than 4 years ago | (#30472846)

Are you trying to lose the fucking war?

Re:Dear Secretary Gates.. (0)

daveime (1253762) | more than 4 years ago | (#30473150)

I can't seem to remember the last time they *won* one ... they just seem to go in guns blazing, kicking ass, then hang around like bad smells for 10 years until the locals kick them out.

Yes, keep looking at the unencrypted channel... (1)

MiniMike (234881) | more than 4 years ago | (#30472852)

Yes, keep looking at the unencrypted channel playing a video loop of some clouds, while those watching the encrypted channel see the drone get closer and closer to you...

All part of the plan... (1)

knuckledraegger (910257) | more than 4 years ago | (#30472860)

That's a great way to spread disinformation. Encrypt what you want to look at and don't encrypt what you want the enemy to see.

This is a fucking disgrace. (1, Funny)

otis wildflower (4889) | more than 4 years ago | (#30472870)

Whoever made this decision at General Atomics should be put up against the wall and shot. I assume it was management not wanting to get stuck with $100 bill of materials for a slightly faster CPU or DSP that can do realtime encryption, or by underbidding enough to get the contract only to cheap out and fuck it up.

Whoever accepted this for the military should be court-martialed, put up against a wall, and shot. Folks that stupid should be nowhere near technology. This is also likely some form of typical military graft, and at this point the folks involved probably have cushy General Atomics mob jobs.

We (the Allies we) cracked Enigma and Purple, and we get down to this.. It's not like uncrackable crypto isn't available FOR FREE, often designed by folks on the military payroll in some fashion years or decades ago.

Thanks, GA, for ruining my morning.

2004 News Release on encryption used by ScanEagle (0)

Anonymous Coward | more than 4 years ago | (#30472898)

A quick search on Google came up with this article indicating that Boeing/Insitu's ScanEagle UAV is capable of encrypted transmission:
http://www.boeing.com/news/releases/2004/q4/nr_041221n.html

"Skygrabber", the software they speak of... (1)

HansWurst (1029602) | more than 4 years ago | (#30472992)

...is just a dvb-s grabber, see:

http://www.skygrabber.com/en/skygrabber.php [skygrabber.com]

And all it does is intercept unencrypted IP packets from satellites which use IP over dvb-s for internet connections (most of them are one-way connections, uplink via pots modem/isdn).

So this is _definitely_ _NOT_ "spying on drones", I highly doubt that the drones themselves have a dvb-s transmitter in the same frequency range as "public" communication sats. It _might_ be that some of the drone data was/is routed through the internet and therefore could be intercepted with above software _IF_ some military dudes use any of the commercial ip-via-sat-providers (or even their _unencrypted_ own), but this isn't different from normal ethernet/wifi/whatever carrier is used - sniffing.

Oh and btw., open source terrorists get their awesome drone sniffing software for FREE!!!!1111:

http://sites.google.com/site/skynetr32/skynet.%3Ar32_index_en [google.com] (in case you're too lazy to click on the link: basically another dvb-s file sniffer, but open sauce).

Some real kneejerk reactions above (5, Interesting)

Kupfernigk (1190345) | more than 4 years ago | (#30473018)

Really this is a huge fuss over nothing, and some of the more wacko conspiracy theories about CIA honeypots and the like (above) are just as silly as the "shoot General Atomics" mob.

Is there any real security risk in this? I suspect it is very small. The Russians never bothered to encrypt the telemetry on their ICBM tests, because after all even assuming someone was reading it, they had no way of stopping the thing. Even if you know where the drone is, it is going to be very hard to shoot down; RPGs and IEDs really aren't much use. And given that this is a video feed, how do you ray trace back to the actual position of the camera?

Unfortunately there are plenty of assholes out there who will exaggerate anything in order to claim that they are more security conscious than the next person (and perhaps hope to get a contract for their company). But this is surely small war, no-one dead, move along please.

An opportunity for the DMCA (1)

MasterPatricko (1414887) | more than 4 years ago | (#30473056)

Finally, a case where the DMCA and anti-piracy laws COULD actually improve national security!

Of course, trying to serve terrorists with DMCA DRM circumvention notices could be even more pointless than sending them to The Pirate Bay...

Make the enemy see what you want them to see (1)

Ch*mp (863455) | more than 4 years ago | (#30473114)

Fake footage sent in clear.
The real footage encrypted.

LISTEN UP TARDS (0)

Anonymous Coward | more than 4 years ago | (#30473126)

How do you fucking know it was not intentional in order to fool the goat lovers? It's called deception, look it up.

      Sometimes you fucking people are just so full of yourselves

how about .. (1)

viralMeme (1461143) | more than 4 years ago | (#30473172)

how about encrypting the downlink DOH!

Real impact is close to zero (1)

rzei (622725) | more than 4 years ago | (#30473176)

UAVs are to detect hostiles, observe movements (spying if you will) and perhaps engage them. You can't really use the UAV information to kill the ones benefiting from it -- unless someone is stupid enough to observe/admire their own camp from a UAV, which at wartime sounds pretty stupid. As an opposing force member you could see yourself in its video feed, or gain information that you are not. That information can however be gained other ways too; for example:

  • If the other side knows about you, and has assessed you as a significant threat, they will take action. Nevertheless, you must be prepared to be taken action upon; it's not like any trained militia is going to party high until they are certain they are going to get hit, they'll always keep high alertness. With the modern UAVs carrying air-to-ground missiles you really can't move your terrorist training camp out of the way before the UAV operator gets permission to blow you up, even if you knew that they had just learned about you -- there just is not enough time.
  • If the other side doesn't know about you, they can't take any straight action against you. Simple as that.

Information sent by this UAV becomes a problem if it's decodable by the opposing forces while it's landing at or taking off from the airforce base. Then again, there cannot be too much to learn from there. As an opposing force member you most likely already have information (googled up perhaps) about their airforce base, the kind of security they have behind their lines. If someone was decoding your UAV transmissions to learn about your airbase, you've most likely already been compromised as they ought to be in the visual range as well.

Of course this is mostly from army point of view, intelligence gathering can't be stupid enough transmitting anything unencrypted/unobfuscated.

Can't add encryption? (3, Interesting)

RealErmine (621439) | more than 4 years ago | (#30473212)

From TFA:

The difficulty, officials said, is that adding encryption to a network that is more than a decade old involves more than placing a new piece of equipment on individual drones. Instead, many components of the network linking the drones to their operators in the U.S., Afghanistan or Pakistan have to be upgraded to handle the changes.

As an engineer in the defense industry and with experience integrating communication systems, I can't even think of one military data radio system in use that doesn't have encryption ability. Even if they are using off-the-shelf wifi (doubtful) they wouldn't need to change hardware to at least have some encryption. Either this quote is a lie, or someone did something monumentally stupid.
